<?php
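// Bootstrap for the admin "articles in review" page: session, shared config,
// the admin gate and the paginator class, then the site settings and the admin
// e-mail address that the approval notification further down reuses.
session_start();
// require instead of include: include only raises a warning when a file cannot
// be loaded and the script keeps running. If secureadmin.php failed to load,
// every delete/approve/update handler on this page would still execute.
require ('../config.php');
// NOTE(review): secureadmin.php is presumably the admin access check; confirm
// it ends the request (exit) for unauthenticated visitors rather than only
// sending a redirect header.
require ('secureadmin.php');
require ('paginator.php');

// NOTE(review): "or die(mysql_error())" prints the raw database error to the
// browser; consider logging it and showing a generic message instead.
// $connection is not defined in this file; presumably config.php sets it.
$sitequery = 'select * from settings;';
$siteresult = mysql_query($sitequery,$connection) or die(mysql_error());
$siteinfo = mysql_fetch_array($siteresult);
$sitetitle = $siteinfo['title'];
$siteurl = $siteinfo['url'];

// Only the first row returned from `admins` is used (no ORDER BY), so this is
// whichever admin the database returns first.
$adminquery = 'select * from admins;';
$adminresults = mysql_query($adminquery,$connection) or die(mysql_error());
$admininfo = mysql_fetch_array($adminresults);
$adminemail = $admininfo['email'];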
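if (!empty($_POST['delete'])) // from button name="delete"
{
    // Bulk delete of the articles ticked in the review table.
    // NOTE(review): no anti-CSRF token is checked in this block; consider a
    // per-session token in the form and verifying it here.
    $checkbox = (isset($_POST['checkbox']) && is_array($_POST['checkbox'])) ? $_POST['checkbox'] : array();
    foreach ($checkbox as $rawid) {
        // Article ids are numeric. Anything that is not a plain digit string is
        // skipped so request data can never become part of the SQL text.
        if (!is_string($rawid) || !ctype_digit($rawid)) {
            continue;
        }
        $sql = "DELETE from `articles` WHERE `id`=".(int) $rawid.";";
        $query = mysql_query($sql);
    }
    header('Location: articlereview.php');
    // Stop here: without exit the rest of the page would still run and render
    // after the redirect header has been queued.
    exit();
}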
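if (!empty($_POST['approve'])) // from button name="approve"
{
    // Bulk approval: sets status = 0 on every ticked article. The row-rendering
    // code on this page labels status 0 as "Active".
    // NOTE(review): no anti-CSRF token is checked in this block; consider a
    // per-session token in the form and verifying it here.
    $checkbox = (isset($_POST['checkbox']) && is_array($_POST['checkbox'])) ? $_POST['checkbox'] : array();
    foreach ($checkbox as $rawid) {
        // Article ids are numeric. Anything that is not a plain digit string is
        // skipped so request data can never become part of the SQL text.
        if (!is_string($rawid) || !ctype_digit($rawid)) {
            continue;
        }
        $sql = "UPDATE `articles` SET status = 0 WHERE `id`=".(int) $rawid.";";
        $query = mysql_query($sql);
    }
    header('Location: articlereview.php');
    // Stop here: without exit the rest of the page would still run and render
    // after the redirect header has been queued.
    exit();
}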
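if(isset($_GET['deleteid'])) {
    // Single-article delete, reached from the "Delete" link in the table.
    // NOTE(review): a destructive action on a plain GET link with no anti-CSRF
    // token; consider moving it to POST and verifying a per-session token.
    $deleteid = $_GET['deleteid'];
    // Only a plain digit string is accepted; the id is then concatenated as an
    // integer, so request data cannot alter the statement.
    if (is_string($deleteid) && ctype_digit($deleteid)) {
        $sql = "DELETE from `articles` WHERE `id`=".(int) $deleteid.";";
        $query = mysql_query($sql);
    }
    header('Location: articlereview.php');
    exit();
}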
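if(isset($_GET['approveid'])) {
    // Single-article approval: sets status = 0, then notifies the author by
    // e-mail unless the author's mailopt column is non-zero.
    // NOTE(review): a state-changing action on a plain GET link with no
    // anti-CSRF token; consider POST plus a per-session token.
    $rawid = $_GET['approveid'];
    // Only a plain digit string is accepted; every query below uses the integer.
    if (is_string($rawid) && ctype_digit($rawid)) {
        $activeid = (int) $rawid;
        $sql = "UPDATE `articles` SET status = 0 WHERE `id`=".$activeid.";";
        $query = mysql_query($sql);
        // SEND EMAIL TO AUTHOR ON APPROVAL
        $sql = "SELECT * from articles where `id`=".$activeid.";";
        $query = mysql_query($sql);
        $articleinfo = $query ? mysql_fetch_array($query) : false;
        if ($articleinfo) {
            // Value read back from the database; cast before it is reused in SQL.
            $authorid = (int) $articleinfo['authorid'];
            $title = $articleinfo['title'];
            $sql = "SELECT * from authors where `id`=".$authorid.";";
            $query = mysql_query($sql);
            $authorinfo = $query ? mysql_fetch_array($query) : false;
            // Without the $authorinfo guard a missing author row compares
            // null == 0 and a mail with an empty recipient would be attempted.
            if ($authorinfo && $authorinfo['mailopt'] == 0) {
                $name = $authorinfo['fname'];
                // Strip CR/LF from everything that lands in the recipient,
                // subject or header fields, so stored values cannot add extra
                // mail headers.
                $crlf = array("\r", "\n");
                // send e-mail to ...
                $to = str_replace($crlf, '', $authorinfo['email']);
                // Your subject
                $subject = str_replace($crlf, ' ', "Article Approved at ".$sitetitle);
                // From
                $header = "from: Admin <".str_replace($crlf, '', $adminemail).">";
                // Your message
                $messages = $name.", \r\n";
                $messages.= "Your article titled - ".$title." - has been approved at ".$sitetitle." \r\n\n";
                $messages.="To view this live article, visit: \r\n";
                $messages.= $siteurl."/article.php?id=".$activeid." \r\n";
                $messages.="\r\n \r\n NOTE: you can disable these notifications from the Account Settings area of your author dashboard. \r\n";
                // send email
                $sentmail = mail($to,$subject,$messages,$header);
            }
        }
    }
    header('Location: articlereview.php');
    exit();
}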
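if(isset($_POST['update'])) {
    // Save admin edits to an article: title, body, resource and category. The
    // update also sets status = 0.
    // NOTE(review): no anti-CSRF token is checked in this block.
    $rawarticleid = isset($_POST['articleid']) ? $_POST['articleid'] : '';
    $rawcatid = isset($_POST['category']) ? $_POST['category'] : '';
    // Both ids are concatenated into SQL below, so only plain digit strings are
    // accepted; anything else skips the update and falls through to the redirect.
    if (is_string($rawarticleid) && ctype_digit($rawarticleid)
        && is_string($rawcatid) && ctype_digit($rawcatid)) {
        $articleid = (int) $rawarticleid;
        $catid = (int) $rawcatid;
        // Text fields: undo magic-quotes slashes when that setting is on, then
        // always escape with mysql_real_escape_string. Relying on magic quotes
        // alone leaves the escaping to addslashes-style quoting, which is not
        // aware of the connection character set.
        $escaped = array();
        foreach (array('title', 'body', 'resource') as $field) {
            $value = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
            if (get_magic_quotes_gpc()) {
                $value = stripslashes($value);
            }
            $escaped[$field] = mysql_real_escape_string($value);
        }
        $newtitle = $escaped['title'];
        $newbody = $escaped['body'];
        $newresource = $escaped['resource'];
        //Get the category's parent id
        $catquery = "select * from categories where id =".$catid;
        $catresult = mysql_query($catquery,$connection) or die(mysql_error());
        $catinfo = mysql_fetch_array($catresult);
        $parentid = ($catinfo && $catinfo['parentid']) ? (int) $catinfo['parentid'] : "NULL";
        // NOTE(review): parentid is written inside quotes, so the fallback is
        // the string 'NULL', not SQL NULL. Kept as in the original; confirm
        // which one the column expects.
        $sql = "UPDATE articles SET status=0, title='".$newtitle."', categoryid='".$catid."', parentid='".$parentid."', body='".$newbody."', resource='".$newresource."' WHERE `id`=".$articleid."";
        $query = mysql_query($sql);
    }
    header('Location: articlereview.php?activate=true');
    exit();
}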
// Page title for this screen; presumably read by includes/document_head.php,
// which is not visible here.
$metatitle = 'Articles to Review - Admin Control Panel';
include 'includes/document_head.php';
?>
<!-- CONFIRM DELETE -->
<script type="text/javascript">
/**
 * Ask the admin to confirm, then navigate to the given delete URL.
 * The delete request itself is issued by following delUrl; declining the
 * prompt leaves the page unchanged.
 */
function confirmDelete(delUrl) {
  var confirmed = confirm("Are you sure you want to delete this article? It will be removed immediately.");
  if (!confirmed) {
    return;
  }
  document.location = delUrl;
}
</script>
<div id="wrapper">
<?php include 'includes/topbar.php'?>
<?php include 'includes/sidebar.php'?>
<div class="main_container container_16 clearfix">
<?php
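// Setup pagination controls
// Count the articles still in review (status=1) so the paginator knows the total.
$rowsquery = "select * from articles where status=1";
$rowsresults = mysql_query($rowsquery,$connection) or die(mysql_error());
$rows_results = mysql_num_rows($rowsresults);
$pages = new Paginator;
$pages->urlparam = "?";
$pages->items_total = $rows_results;
$pages->mid_range = 9;
$pages->paginate();
if ($pages->items_total) {
    // NOTE(review): $pages->limit is concatenated into the SQL as-is. It is
    // produced by Paginator, which is not visible here; confirm it is built
    // only from integer values.
    $query = "select * from articles where status=1 order by date desc ".$pages->limit;
} else {
    $query = "select * from articles where status=1 order by date desc";
}
$articleresults = mysql_query($query,$connection) or die(mysql_error());
$num_results = mysql_num_rows($articleresults);
// for display of page #
// $pagenum is echoed into the page markup further down, so the query-string
// value is reduced to a positive integer here instead of being passed through
// verbatim.
$pagenum = isset($_GET['page']) ? (int) $_GET['page'] : 1;
if ($pagenum < 1) {
    $pagenum = 1;
}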
?>
<div class="flat_area grid_16">
<h2>Articles in Review (<?php echo $rows_results; ?>)</h2>
<p>These articles are awaiting your review before they go live. Click the article title to preview or edit the full article. <br/>
<br/><b>Activate</b> - This action immediately publishes the article on your directory.
<br/><b>Problem</b> - For articles that don't meet your standards; allows the author to make suggested changes before the article is published.
<br/><b>Delete</b> - Completely removes the article from the directory. </p><br/>
<?php if($skipqueue) { ?>
<p>NOTE: You currently have articles set to be published immediately, skipping this queue. You can modify this from the Site Settings panel on the left. </p><br/>
<?php } ?>
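<?php
// $pagenum is derived from $_GET['page']; it is emitted as an integer so that
// request data cannot inject markup into the page.
echo "<div style=\"float:right; font-weight: bold;\">(Page ".(int) $pagenum.") ".$pages->display_pages()."</div><br/>";
?>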
</div>
<div class="box grid_16 round_all">
<form action="articlereview.php" method="post">
<table width="100%" class="listing">
<thead>
<tr>
<th width="5%"></th>
<th width="5%">ID</th>
<th width="8%">Date</th>
<th width="42%">Title</th>
<th width="15%">Author</th>
<th width="30%">Actions</th>
</tr>
</thead>
<tbody>
<?php
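// Render one table row per article awaiting review.
while ($row = mysql_fetch_assoc($articleresults)) {
    // Ids are cast to int before being reused in SQL or in markup.
    $rowid = (int) $row['id'];
    $rowauthorid = (int) $row['authorid'];
    $date = strtotime($row['date']);
    $artdate = date('m/d/y', $date);
    // Get Author Display Name
    $authquery = "select * from authors where id=".$rowauthorid;
    $authresult = mysql_query($authquery,$connection) or die(mysql_error());
    $authinfo = mysql_fetch_assoc($authresult);
    // Get Views
    // NOTE(review): $views and $status are computed but not used in the row
    // markup below; kept in case an included template reads them.
    $viewquery = "select * from articleviews where articleid=".$rowid;
    $viewresult = mysql_query($viewquery,$connection) or die(mysql_error());
    $viewinfo = mysql_fetch_assoc($viewresult);
    $views = $viewinfo['views'];
    if (!$views) $views = "-";
    if($row['status'] == 0) {
        $status = "Active";
    } elseif($row['status'] == 1) {
        $status = "In Review";
    } else {
        $status = "Problem";
    }
    // Title and display name are stored text (presumably submitted by authors)
    // shown inside the admin panel, so they are HTML-escaped on output.
    // NOTE(review): the charset is left at PHP's default; pass the site's
    // charset explicitly once it is confirmed.
    $safetitle = htmlspecialchars($row['title'], ENT_QUOTES);
    $safeauthor = htmlspecialchars($authinfo ? $authinfo['displayname'] : '', ENT_QUOTES);
    $authorlinkid = $authinfo ? (int) $authinfo['id'] : '';
    echo "<tr> <td> <input type='checkbox' name='checkbox[]' id='checkbox[]' value='".$rowid."' /> </td>
<td>".$rowid."</td>
<td>".$artdate."</td>
<td><a href=\"articleedit.php?id=".$rowid."\">".$safetitle."</a></td>
<td><a href=\"authoredit.php?id=".$authorlinkid."\">".$safeauthor."</a></td>
<td><a href=\"articlereview.php?approveid=".$rowid."\">Approve</a> | <a href=\"markproblem.php?id=".$rowid."\">Problem</a> | <a href=\"javascript:confirmDelete('articlereview.php?deleteid=".$rowid."')\">Delete</a></td></tr>";
}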
?>
</tbody>
</table>
</div>
<?php
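//display pagination
// $pagenum is derived from $_GET['page']; it is emitted as an integer so that
// request data cannot inject markup into the page.
echo "<div style=\"float:right; font-weight: bold;\"> (Page ".(int) $pagenum.") ".$pages->display_pages()."</div><br/>";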
?>
<input id='approve' type='submit' name='approve' value="Approve Checked Articles" class="button_colour round_all">
<input id='delete' type='submit' name='delete' value="Delete Checked Articles" class="button_colour round_all">
</form>
<br/><br/>
</div>
</div>
<?php include 'includes/closing_items.php'?>